Malware imposes a cost on computer and network users in all types of environments, and correctly and effectively detecting malicious software remains a challenge. For example, malware may perform an Internet Protocol (IP) address check to discover the IP address of the machine it is hosted on, contact a web site to determine the date or time, or check whether it is behind a proxy. Such behavioral patterns are more stable than commonly used malware signatures, and as a result they are much more difficult to change. Other activities related to the presence of malware may include software updating, downloading of graphical images, and communications with a Domain-name Generating Algorithm (DGA) domain, among other suspicious activities. Although each of these activities may appear suspicious, any one of them, taken alone, may not be sufficient to conclude that malware is present.
Other types of user activity in a network may also be of interest, even activity that is relatively benign.